Enforce CSRF tokens if option is enabled

This commit is contained in:
Kijin Sung 2018-10-10 18:20:48 +09:00
parent 73e79fe547
commit 1d35511e04


@ -326,13 +326,14 @@ class Security
} }
else else
{ {
if (Session::getMemberSrl()) $is_logged = Session::getMemberSrl();
if ($is_logged)
{ {
trigger_error('CSRF token missing in POST request: ' . (\Context::get('act') ?: '(no act)'), \E_USER_WARNING); trigger_error('CSRF token missing in POST request: ' . (\Context::get('act') ?: '(no act)'), \E_USER_WARNING);
} }
$referer = strval($referer ?: $_SERVER['HTTP_REFERER']); $referer = strval($referer ?: $_SERVER['HTTP_REFERER']);
if ($referer !== '') if ($referer !== '' && (!config('security.check_csrf_token') || !$is_logged))
{ {
return URL::isInternalURL($referer); return URL::isInternalURL($referer);
} }